To use SSL termination in Operations Manager, you must configure your own load balancer.

Production environments must use a highly-available customer-provided load balancing solution that:

• Provides SSL termination with wildcard DNS location
• Provides load balancing to each of the TAS for VMs Gorouter IPs
• Adds appropriate x-forwarded-for and x-forwarded-proto HTTP headers

To use your own load balancer:

1. Register one or more static IP address for Operations Manager with your load balancer.

2. Create an A record in your DNS that points to your load balancer IP address. The A record associates the System domain and Apps domain that you configure in the Domains pane of the TAS for VMs tile with the IP address of your load balancer.
   
   For example, with .example.com as the main subdomain for your Operations Manager installation and a load balancer IP address 198.51.100.1, you must create an A record in your DNS that serves example.com and points *. to 198.51.100.1.

   Name	Type	Data	Domain
   *.tas	A	198.51.100.1	example.com

3. Go to the Tanzu Operations Manager Installation Dashboard.

4. Click the TAS for VMs tile.

5. Select Networking.

6. In the Gorouter IPs field, enter the static IP address for Operations Manager that you have registered with your load balancer. Enter multiple IP addresses as a comma-separated list or as a range.

7. Provide your SSL certificate in the Certificates and private keys for the Gorouter fields. For more information, see Providing a Certificate for your TLS Termination Point.

When adding or removing TAS for VMs Gorouters, you must update your load balancing solution configuration with the appropriate IP addresses.